Threat Intelligence Analyst Tool Stack 2026

Threat Intelligence Platforms

Aggregate and operationalize threat feeds.

• ThreatConnect — Threat intelligence platform with built-in orchestration and automation. AI-driven analysis for SOC and incident response teams.
• Recorded Future
• Mandiant Advantage
• Anomali Threatstream

OSINT & Recon

Gather open-source intelligence.

• Maltego — Visual link analysis and data mining tool for OSINT investigations.
• SpiderFoot — Open-source automated OSINT tool with 200+ data source modules.
• Shodan
• Censys

Dark Web Monitoring

Track adversary chatter and leaked creds.

• CloudSEK — AI-powered digital risk monitoring tracking brand impersonation, data leaks, and attack surface exposure across surface, deep, and dark web.
• Flashpoint
• Kela Darkbeast

Malware Analysis

Analyze adversary tools.

• VirusTotal Analysis — Multi-engine file and URL scanning with 70+ AV engines and AI-powered code analysis.
• ANY.RUN — Interactive malware sandbox with real-time analysis and threat intelligence feeds.
• Hybrid Analysis – Free Malware Sandbox by CrowdStrike — Free online malware sandbox powered by CrowdStrike Falcon. Upload suspicious files for behavioral analysis, network traffic capture, and threat intelligence. Trusted by 5M+ security researchers worldwide.
• YARA Rules Engine — Open-source pattern matching tool for malware researchers to identify and classify malware samples.

Sharing & Dissemination

Distribute intel in STIX/TAXII format.

• MISP Platform — Open-source threat intelligence sharing platform for collaborative analysis and IOC exchange.
• Opencti
• Taxii Server

Frequently Asked Questions